Mindmill's Steps to Optimisation

Mindmill can optimise your talent, no matter what stage you are at.

Mindmill cookie policy

Mindmill fully respects your right to privacy on the internet.

Mindmill's sites do use cookies. Cookies are small text files which are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts and provice anonymised tracking data for third party applications, like Google Analytics.As a rule, cookies will make your internet browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Mindmill terms and conditions

Thank you for using Mindmill. The following terms govern your use of and access to Mindmill, so we would ask that you read them carefully. If you have any questions in relation to the terms, please contact us at info@mindmill.co.uk.

1. The User Terms
1.1. These terms (User Terms) form a binding legal agreement (Agreement) between you as the user (you, your) and Mindmill (HR) Software Limited of 22-24 Lombard Street, Belfast, Northern Ireland, BT1 1RB (company no. NI059886) (we, us, our) and relate to how you may use the software or services provided by us to you (collectively, Mindmill). By accepting these User Terms, you agree to be bound by their effect.
1.2. References to clauses (unless otherwise provided) are references to the clauses of these User Terms. Words in the singular include the plural and in the plural include the singular. A reference to a particular law is a reference to it as it is in force for the time being, taking account of any amendment, extension, application or re-enactment and includes any subordinate legislation for the time being in force made under it. References to including and include(s) shall be deemed to mean respectively, including without limitation and include(s) without limitation.

2. Accepting The User Terms
In order to use Mindmill, you must first agree to the User Terms. You may not use Mindmill if you do not accept the User Terms. You can accept the User Terms by:
2.1.1. clicking to accept or agree to the User Terms where this option is made available to you in the user interface provided to you; or
2.1.2. by actually using Mindmill.
2.2. Please note that by clicking on any links while using Mindmill, you may access other websites owned by us or by a third party. Different terms of use may apply to your use of any such website, and you should check such terms before using that website.
2.3. You agree that we may modify the User Terms from time to time without notice. We recommend that you review the User Terms on a regular basis. You understand and agree that any use by you of Mindmill following changes having been posted by us will be deemed acceptance of any such changes.

3. Use Of Mindmill By You
3.1. In consideration of you agreeing to fully comply with and be bound by these User Terms, we hereby grant you a non-exclusive, non-assignable, non-transferrable, non-sub-licensable licence for the duration of the Agreement to use Mindmill for the purpose of undertaking an assessment test or questionnaire provided by us to you (Assessment).
3.2. You agree not to access (or attempt to access) any part of Mindmill by any means other than through the interface that is provided by us. You specifically agreement not to access (or attempt to access) any part of Mindmill through automated means, including use of scripts, robots, spiders, scrapers or web crawlers. You agree that you will not (a) take any action that imposes, or may impose (in each case at our sole discretion) an unreasonable or disproportionately large load on our infrastructure; (b) (save to the extent permitted by governing law) copy, duplicate, reproduce, rent, lease, loan, sell, trade, resell, modify, create derivative works, distribute or publicly display any part of Mindmill without prior written consent from us; (c) interfere or attempt to interfere with the proper working of Mindmill or any related activities conducted by us; (d) bypass any measures we may use to prevent or restrict access to Mindmill; and (e) attempt to reverse engineer, decompile or otherwise seek to obtain access to any source code in Mindmill.
3.3. You agree that you will not engage in any activity that interferes with or disrupts Mindmill or the servers and networks that are connected with Mindmill.

4. End User Data
4.1. Mindmill provides a means of capturing and analysing data. The data we collect from you may include personal data as defined by the Data Protection Act 1998 as amended. By providing any data to us through your use of Mindmill (any such data, End User Data), you acknowledge and consent to the End User data being transferred or stored outside the EEA. Please note that some places outside the EEA may offer lower levels of data protection than the UK. By submitting End User Data, you agree to this transfer, storing or processing.
4.2. By submitting your End User Data:
4.2.1. you grant a worldwide, royalty-free, non-exclusive licence to use the End User Data to us and any third parties with which we may work from time to time in the provision of our services;
4.2.2. you also explicitly consent to your End User Data being analysed and forming the basis of a report to be passed to the third party at whose request you are carrying out the Assessment (such content, Report); and
4.2.3. you represent and warrant that you have the lawful right to provide such End User Data and the necessary rights, power and authority to grant the licence at clause
4.2.4 above and you further represent and warrant that the use by us of the End User Data will not infringe the rights (including intellectual property rights) of any third party.

5. Intellectual Property
5.1. You acknowledge that we own or licence all legal rights, title and interest in and to Mindmill, including any intellectual property rights which subsist in Mindmill (whether those rights happen to be registered or not, and wherever in the world those rights may exist).
5.2. You agree not to use any of the trademarks, trade names, service marks, copyrights, logos, domain names, and/or other distinctive brand features belonging to us or any third party unless you have valid written permission to do so. You agree not to alter, remove or obscure any proprietary notices (including copyright and trademark notices) which may appear in or be held within Mindmill.
5.3. In the event that your use of Mindmill, if used in accordance with the User Terms, infringes any intellectual property rights of a third party, we may, at our sole discretion and expense, replace or modify Mindmill so that it is no longer infringing or obtain for you the right to continue using Mindmill. This therefore constitutes your sole remedy in relation to any such infringement.

6. Disclaimer and Limitation of Liability
6.1. Nothing in these User Terms, including this clause 6 shall exclude or limit any warranty or liability to the extent that the same may not be lawfully excluded or limited by applicable law, including liability for fraud or for death or personal injury caused by its negligence.
6.2. There are no conditions, warranties, representations or other terms, express or implied, that are binding on us except as specifically stated in these User Terms (including implied warranties and conditions of merchantability, fitness for a particular purpose and non-infringement). Any condition, warranty, representation or other terms concerning Mindmill which might otherwise be implied into or incorporated in these User Terms, or any collateral contract, or whether by statute, common law or otherwise, is hereby excluded to the fullest extent permitted by law.
6.3. While we will use every effort to ensure that Mindmill is available to you, you expressly understand that some of the functions of Mindmill rely on an internet connection being sustained and the appropriate equipment being maintained. As such, you expressly understand and so agree that your use of Mindmill is ‘as is’ and ‘as available’.
6.4. In particular, we do not represent or warrant to you that:
6.4.1. your use of Mindmill (including such use in conjunction with any other software) will meet your requirements, or that your use of Mindmill will be uninterrupted, timely, secure or free from error defects in the operation or functionality of Mindmill;
6.4.2. any information obtained by you or by a third party as a result of your use of Mindmill will be accurate or reliable; and/or
6.4.3. that defects in the operation or functionality of Mindmill will be corrected, rectified or remedied.
6.5. Any material downloaded or otherwise obtained from or accessed through your use of Mindmill is done so at your own discretion and risk, and you will be solely responsible for any damage, loss or prejudice to your computer system or other device or loss of data that results from the download or access of any such material.
6.6. In order for you to make use of Mindmill, it may be necessary for you to use particular computer equipment or to download or install certain pieces of software. If you are unable to access all or part of Mindmill because you do not have access to any necessary software or equipment, this will not constitute a breach of these User Terms by us and we shall not be liable for any loss, damage or expense which may result in your inability to access Mindmill.
6.7. You expressly understand and agree that we and our licensors shall not be liable to you for:
6.7.1. any direct, indirect, special, incidental or consequential loss or damage which may arise in respect of your use of Mindmill and/or its non-availability;
6.7.2. loss of profit, business revenue, goodwill and anticipated savings and/or job opportunities;
6.7.3. any trading or other losses which you may incur as a result of your or a third party’s reliance upon any content of Mindmill or any Report associated with your use of Mindmill;
6.7.4. the deletion or corruption of, or failure to store any content and other data maintained or transmitted by or through your use of Mindmill; or
6.7.5. any effect which the use of Mindmill may have on any software you use.
6.8. Subject to the clauses above, and in acknowledgement that your access to Mindmill is free of charge, the aggregate liability of us in respect of any loss or damage suffered by you and arising out of or in connection with your use of Mindmill, shall not exceed £1.00.
6.9. You agree and acknowledge that you are in a better position than us to foresee and evaluate any potential damage or loss which you may suffer in connection with your use of Mindmill; that we cannot adequately insure against our potential liability to you; and that, accordingly, the exclusions and limitations contained in this clause 6 are reasonable. You also undertake at all times to mitigate any such damage or loss.

7. Term and Termination
7.1. This Agreement shall commence upon your acceptance of the User Terms and shall last for the duration of the Assessment, whereupon it shall terminate automatically.
7.2. Mindmill may terminate the Agreement in its sole and absolute discretion with immediate effect.
7.3. Upon termination of the Agreement the following clauses shall apply:
7.3.1. the licence granted to you at clause 3.1 shall be immediately revoked;
7.3.2. all of the legal rights, obligations and liabilities that you and we have benefited from, been subject to (or which have accrued over time whilst the Agreement has been in force) or which are expressed to continue indefinitely, shall be unaffected by this cessation, and in particular, the provisions of clauses 3.2, 4, 5, 6, 7.3, 8 and 9 shall survive termination of this Agreement; and
7.3.3. we reserve the exclusive right and prerogative to retain, maintain, archive, protect, use or store any personal data or such information, without regards as to time or duration, as is strictly necessary to comply with our legal obligations, resolve disputes and enforce agreements.

8. General
8.1. You will not assign, transfer or sub-license any of your rights or obligations under these User Terms. We may at any time assign all or any of our rights and transfer all or any of our obligations under these User Terms.
8.2. Failure or neglect by us to enforce any of the provisions of these User Terms at any time shall not be construed or deemed to be a waiver of our rights, nor shall this in any way affect the validity of the whole or any part of these User Terms, nor prejudice our rights to take subsequent action.
8.3. If any part of any provisions of these User Terms shall be or become invalid, unlawful or unenforceable to any extent, then the remainder of such provisions and all other provisions of these User Terms shall continue to be valid and enforceable to the fullest extent permitted by law.
8.4. These User Terms represent the entire agreement between you and us in relation to the subject matter of these User Terms and neither of you nor us has relied upon any statement or representation made by the other in agreeing to enter this Agreement.

9. Law and Jurisdiction
9.1. These User Terms shall be construed in accordance with Northern Irish law and the parties hereby submit to the exclusive jurisdiction of the Northern Irish courts to settle any disputes which may arise in connection with these User Terms.

Mindmill Privacy Notice

Purpose

To comply with the requirements of the General Data Protection Regulation (GDPR), this document covers the specific requirements and business practices around privacy and data processing for MindMill (HR) Software Ltd.

This Privacy Notice aims to give you information on how we collect and process your personal data in a variety of circumstances including when using our website www.mindmill.co.uk or any associated mindmill domain and any data you may provide through these websites when you use any interactive features such as our Contact forms, Recruitment Systems, Assessments or otherwise. It is important that you read this privacy policy so that you are fully aware of how and why we are using your data. Our website is not intended for children and we do not knowingly collect data relating to children. This version was last updated on the 1st of November 2018.

Standard Statement Aim:

This policy aims to protect the individual as well as provide reassurance regarding the confidential treatment of information relating to Mindmill (HR) Software Ltd employees /clients and candidates.

Data protection compliance should be seen as an integral part of employment practises in order to develop a culture in which respect for security and confidentiality of personal/ client data is recognised.

Introduction

As an HR Technology company MindMill takes our responsibility to safeguard our client data very seriously. Even though user data via our Assessment Platform is almost immediately anonymised and retained only in accordance to the data policies of our clients, we take utmost care to ensure compliance to Data Protection legislation.

Basic Principles

The Data Protection Act 1998 came into force on 24 October 2001, giving effect in UK law to the European Directive on data protection

The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). GDPR came into force on 25 May 2018

"Data protection by design and by default", means that business processes that handle personal data must be designed and built with consideration of the principles and provide safeguards to protect data (for example, using pseudonymization or full anonymization where appropriate), and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit, informed consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation or unless the data controller or processor has received an unambiguous and individualized affirmation of consent from the data subject. The data subject has the right to revoke this consent at any time. The Acts works in two ways:

Giving individuals (data subjects) certain rights with regard to information held about them

Requiring those who decide how and why individual personal data are processed (data controller) to be open about their use of this data and to comply with the data protection principles in their information handling practises

The Company is registered with the Information Commissioner’s Office under the Act as processors of personal information and will adhere strongly to the principles of the Act and the obligations to act correctly and transparently in how the information held on all employees and clients is processed.

This policy should be considered as complimentary to Company policies and rules regarding computer/ internet, and confidentiality

Data Protection Principles

Central to the Act are eight data protection principles which all data controllers must follow to ensure that personal data is:

Processed lawfully and fairly

Obtained for one or more specified and lawful purpose

Adequate, relevant and not excessive

Accurate and, where necessary, kept up to date

Not kept for longer than is necessary

Secure

Not transferred to countries that do not protect personal data adequately

These principles protect the individual and also make sound business sense (for example, if we send out mailing based upon incorrect or out of date records not only may we be in breach of the act and could annoy clients/ candidates, but we could ultimately waste our own time and money).

Overall Principles

Your personal information is not processed without your knowledge

Only information relevant to our needs is collected and processed

Your personal information is only seen by those who need to do their jobs

Personal information will only be retained for as long as it is required

Decisions affecting individuals are made on the basis of reliable and up to date information

Your information is protected from unauthorised or accidental disclosure

We will provide you with a copy of your personal information on request

Inaccurate or misleading data will be corrected as soon as possible

Procedures are in place for dealing promptly with any disputes

The Right of Subject Access

Under the GDPR, MindMill respects the right of data subjects to access and control their personal data and has provisions in place for:

Access to personal information

Correction and deletion of information

Withdrawal of consent (if processing data on condition of consent)

Data portability

Restriction of processing and objection

Lodging a complaint with the Information Commissioner’s Office

Mindmill (HR) Software Ltd will endeavour to provide:

A copy of the information held

A description of why this information is processed

Who has the right to see this information

And where applicable, the logic involved in arriving at automated decisions based on the information held

Concerns or objections to the information held should be made to the Management, formally in writing

Please note that MindMill may not always be able to allow you to access your information, particularly where disclosure would provide information about another individual

Goals for this Notice

This document should ensure the governance framework and implicitly ensure that the Information Security Program implements adequate:

Confidentiality

Integrity

Availability and accessibility

Compliance with all relevant laws and regulations

Compliance with all internal requirements, policies and standards

Control and reporting of all of the above.

Management commitment to Information Security

The Board of Directors, the CEO and the other approvers (Head of Operations / Client Service Executive) realize how important Information Security is to Mindmill, and have the responsibility for:

Defining the risk appetite and acceptable risk levels

Budgeting so that risks can be managed according the risk appetite

Publishing and promoting internally the Information Security Policy

Formulating the Business requirements for strategic systems in writing

Defining responsibility for strategic systems including documentation requirements for these

Subjecting Third parties to recurring audits and managing risks for third parties and third-party subcontracting.

Establishing and maintaining Business Continuity and Business Recovery plans, which must be tested annually. These should be level 2 documents.

What information may be collected?

Personal Information is stored separately on two core systems at MindMill. The Assessment System and the Recruitment system. A list of Key Information that may be stored on each system is as listed below. Not all fields are applicable in every deployment, and the list lists data fields irrespective of the length of time that data is stored on our systems.

Assessment System

Name and Surname

Age

Gender

Email Address

Contact Number

Job Level

Education Level

Psychometric-, Motivational- and Engagement Data

Custom fields as specified by client campaign

Recruitment System

Name and Surname

Age

Gender

Email Address

Contact Number

Address Details

Education History

Employment History

List of Skills

Any information contained within user uploaded documents such as Curriculum Vitaes,

Custom fields as specified by client campaign

Data Controller

Users can get in touch if they have questions or concerns about your privacy practices, their personal information, or if they wish to file a complaint. The MindMill data controller can be reached via info@mindmill.co.uk

How is personal information used/shared?

NO personal or personally identifiable information is used/shared within MindMill’s internal processes. Personal and identifiable data is only used or shared by the commissioning client and that information protection falls under the scope and responsibility of the commissioning client, their Privacy Policies and Data Protection process.

MindMill may use anonymized data to create/update Psychometric norms but no identifiable data is kept or used for this purpose.

Marketing

If you are a customer of ours, we may contact you from time to time by call or email to provide some information about our products or services. You can ask us or third parties to stop sending you marketing messages at any by contacting us, as appropriate, at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service experience or other transactions.

MindMill does not provide users’ personal data to third parties for marketing purposes. However, should this need arise we will get your express opt-in consent before we share your personal data with any company outside of our own for marketing unrelated to our company.

What legal basis do we have for processing your personal data?

Mindmill provides a means of capturing and analysing data. The data we collect from you may include personal data as defined by the Data Protection Act 1998 as amended. By providing any data to us through your use of Mindmill (any such data, End User Data), you acknowledge and consent to the End User data being transferred or stored within or outside the EEA. Please note that some places outside the EEA may offer lower levels of data protection than the UK. By submitting End User Data, you agree to this transfer, storing or processing.

How do we secure personal data?

Enterprise Threat Modelling

Enterprise threat modelling means the exercise of identifying who could be a threat to your organization, what their motives might be and how they would go about accomplishing these motives. It is important to note that threat modelling isn’t something you only do for applications, but something you do for the entire enterprise, hence “enterprise threat modelling”

This threat modelling should include all of the three aspects of the CIA triad and include also for example system failure and manual error. It should model expected or unexpected attackers against the company, their likely TTP (tools, tactics and procedures), their motivation and intent and what they might be likely to do if they breach the company. Using the threat modelling proactively can be used for budgeting investments and for prioritizing tasks in the day to day work by IT and Security personnel.

Based upon risk assessments and risk/consequence estimations preventive, discovering and corrective security controls should be implemented to iteratively until residual risks are within acceptable thresholds i.e. within the risk appetite. The areas to be included in risk assessment are:

Management responsibility

Organization of Information Security

Asset Management

Human resource security

Physical and environmental security

Communications and operations management

Access control

Information systems acquisition, development and maintenance

Information security incident management

Business continuity management

Application Security

All business applications shall be developed using the OWASP SAMM framework for application security.

Data Classification

Different classification levels for assets/systems should be defined, for example:

Public

Internal

Classified

System/Business Application/Infrastructure Prioritization

All systems/business applications/infrastructure should be assigned a business criticality between 1 and 3 where 1 means business critical and 3 means a not very critical system /application /infrastructure element. Example of a criticality rating of 3 could be a test system.

Only the business part of the company can prioritize these appropriately, so it’s a project that Information Security can lead but needs also the approvers and relevant business stakeholders. A list of all relevant systems/business applications/infrastructure with a given priority is required and should be updated annually.

Business Continuity & Business Recovery Planning

To re-establish a business as usual condition following a disaster or a major incident, the company must maintain a Business Continuity Plan and a Business Recovery Plan. The plans must ensure that the company can re-establish systems and data within a predefined time frame. The plans must contain detailed emergency plans for all infrastructure within scope. To accomplish this a scope must be established and approved by the approvers.

The BCP and BRP must be tested at least once per year by for example moving the active systems to the disaster recovery site or by conducting a similar simulation.

The CEO and/or approvers are responsible for defining acceptable downtime. IT responsible and Information Security responsible are responsible for creating plans that can implement the requirements and testing them.

Continuous improvement

All policies, risk assessments, and controls should be periodically re-evaluated/audited at least annually and whenever appropriate to ensure a continuous improvement of Information Security.

Outsourcing and Vendor Management

The overall goal of defining the rules of outsourcing and vendor management is to:

Retain control of information resources in an outsourcing situation

Manage the handover securely to a partner that has been through the necessary audits/controls/due diligence

Attain the information/tools required to be able to monitor and report on expected significant benefits including any expected financial benefits related to the outsourcing services.

The purpose of this notice is also to satisfy legal and regulatory requirements and to manage the risks involved with outsourcing of significant activities.

Outsourcing should be used:

Only in a situation where this does not in any way impact customers/clients negatively

Strategically to obtain pre-defined significant benefits, the realization of which must be transparently verified and reported on periodically

Only if the process of entering into and handing over responsibility to an outsourcing partner is controlled and managed

How long do we keep your personal data for?

MindMill complies to and operates as an extension to the Data Retention Policies of its clients and project initiators. As all data entering the Mindmill system belongs to the commissioning client, MindMill operates as an outsourced provider or 3rd party to the commissioning client. MindMill thus only processes data, provides packaged data to the customer and destroy or anonymize the data in accordance the applicable data retention policy.

Use of automated decision-making and profiling

In certain instances, MindMill makes use of Automated Decision making in order to streamline workflow and the processing of information.

By submitting your End User Data:

you grant a worldwide, royalty-free, non-exclusive licence to use the End User Data to us and any third parties with which we may work from time to time in the provision of our services;

you also explicitly consent to your End User Data being analysed and forming the basis of a report to be passed to the third party at whose request you are carrying out the Assessment (such content, Report); and

you represent and warrant that you have the lawful right to provide such End User Data and the necessary rights, power and authority to grant the licence at clause

above and you further represent and warrant that the use by us of the End User Data will not infringe the rights (including intellectual property rights) of any third party.

Definitions and abbreviations

Significant outsourcing activity: Outsourcing of an activity that has a significant size either in financial terms or in impact on the company’s operations and/or clients.

Incident: Any event that does or could have caused an unintentional effect on the company’s IR with regards to the CIA triad Confidentiality, Integrity and Availability. Covers also security incidents.